inspector/front-end/ProfileView.js:
(WebInspector.ProfileView.prototype.refresh):
Here and in other functions: nodes we're searching in are profile data grid
nodes, so there is no more need for '_dataGridNode' references.
(WebInspector.ProfileView.prototype.searchCanceled):
(WebInspector.ProfileView.prototype.performSearch.matchesQuery):
Fixed accidental semicolon that caused 'matchesQuery' always return true.
(WebInspector.ProfileView.prototype.performSearch):
To perform search correctly in the case of bottom up tree, we need to populate
the tree, because there's no 1-to-1 correspondence between profile nodes and
data grid nodes in this case.
(WebInspector.ProfileView.prototype._jumpToSearchResult):

Fix flashing issues caused by compositing layers rendering content before
a deferred layout has happened. Because the -viewWillDraw machinery doesn't
work for composited layers, we need to use scheduleViewUpdate() to queue
up a layout via the run loop observer in WebKit, whenever we know we
are going to be painting soon.

Split the syncing portions of LocalStorageArea into StorageAreaSync.
This name will make more sense in the next patch (in this set) when
LocalStorageArea and SessionStorageArea are merged to become simply
StorageArea. (Thus the synching portion of StorageArea is in
StorageAreaSync.)

This looks like a big patch, but really all it's doing is splitting
code and patching split-related things up.

The problem was caused by the page returned with a function using a
var declaration list containing around ~3000 variables. The solution
to this is to flatten the comma expression representation and make
codegen comma expressions and initializer lists iterative rather than
recursive.

Fix for ​https://bugs.webkit.org/show_bug.cgi?id=26200 which I introduced earlier. I had
the smartReplace set TRUE initially, which was wrong since the purpose of this call is
to just replace the selection, and place the caret at the end of the selection it replaced.

The BytecodeGenerator objects were instantiated on stack, which takes up ~38kB per instance
(each instance includes copy of JSC::CodeBlock with large SymbolTable, etc.).
Specifically, since there is nested invocation (e.g., GlobalCode --> FunctionCode),
the stack overflows immediately on Symbian hardware (max. 80 kB).
Proposed change allocates generator objects on heap.
Performance impact (if any) should be negligible and change is proposed as general fix,
rather than ifdef'd for SYMBIAN.

Bit off a tiny bit more of standardizing opcode behavior to help with result
caching -- including removing my old enemy, op_resolve_function, because
it was non-standard, and removing it felt better than helping it limp along.

In r42597 (​https://bugs.webkit.org/show_bug.cgi?id=25244), I changed
the <select> handing for Chromium to fix a rendering bug. However,
although the font-size is correctly ignored, getRowHeight wasn't
updated and so was calculating the height of the rows in an
inconsistent manner. This can lead to a crash.

This makes it easier to handle errors in a standard way throughout all the code.
Since this new code raises by default when the exit_code != 0,
we should prevent future problems of bugzilla-tool continuing after
a git or svn command failed.

<rdar://problem/6950660> REGRESSION: iSale 5.5.3 crashes after I click a template to load

Due to some subtle WebKit changes - presumably some delegate callback behavior - a latent bug in
iSale was uncovered where they aren't properly retaining their FrameLoadDelegate, and we ended up
calling back to a dealloc'ed object.

WebView/WebView.mm:
(-[WebView _needsAdobeFrameReloadingQuirk]): Use more intelligent C++-style initialization.
(-[WebView _needsKeyboardEventDisambiguationQuirks]): Ditto.
(-[WebView _needsFrameLoadDelegateRetainQuirk]): YES for iSale versions under 5.6
(-[WebView dealloc]): Release the delegate if the quirk is in effect.
(-[WebView setFrameLoadDelegate:]): Retain the new delegate if the quirk is in effect.

page/mac/EventHandlerMac.mm:
(WebCore::EventHandler::passMouseDownEventToWidget): Surround the
-mouseDown: call with calls to Widget::beforeMouseDown() and
Widget::afterMouseDown(), which prevent the widget's view hierarchy from
being removed from its parent view while the scroller is tracking the
mouse.

Undo the changeset 21212 to fix the regression bug 14062.
The changeset 21212 attempted to fix rdar://problem/5002441.
The changeset 21212 modified InsertTextCommand::input so as to convert
all spaces in text to non-breaking spaces for rdar://problem/5002441.
However, the bug was originally caused by rebalanceWhitespaceAt
and this workaround introduced a regression bug 14062.
Because rebalanceWhitespaceAt appears to behave correctly now,
the workaround introduced in 21212 is no longer needed.

Undo the changeset 21212 to fix the regression bug 14062.
The changeset 21212 attempted to fix rdar://problem/5002441.
The changeset 21212 modified InsertTextCommand::input so as to convert
all spaces in text to non-breaking spaces for rdar://problem/5002441.
However, the bug was originally caused by rebalanceWhitespaceAt
and this workaround introduced a regression bug 14062.
Because rebalanceWhitespaceAt appears to behave correctly now,
the workaround introduced in 21212 is no longer needed.

The following test cases are affected by this change.
This patch removes unappropriate non-breaking spaces (&nbsp;) and
inserts normal spaces instead.

Add logic to CSSStyleDeclaration::diff to deal with font-sizes that are
keyword values. When diff is called on a CSSStyleDeclaration, we check
the keywordSize to see if font-size matches a keyword value.

This ensures that when we diff a CSSMutableStyleDeclaration returned from
copyInheritableProperties on a CSSComputedStyleDeclaration that we
correctly identify matching font-sizes.

Scripts/prepare-ChangeLog: Added --git-index mode to list only the
changes which are already staged in the index. Useful to create an
entry for what you're about to commit while ignoring unstaged changes.

rendering/RenderLayer.h:
Add a new PaintLayerPaintingReflection flag which is set while painting inside
reflections.
(WebCore::RenderLayer::setPaintingInsideReflection):
Add a setter so that RenderLayerBacking can call it.

rendering/RenderLayer.cpp:
(WebCore::shouldDoSoftwarePaint):
Utility to clarify the logic of when a composited layer should do a software paint.

(WebCore::RenderLayer::paintLayer):
Use shouldDoSoftwarePaint() to determine when to software-paint a reflected layer.
Remove transform-related tests from the reflection-painting if test because they appear
to be unnecessary.

If the insertion point is both the begining and ending visible position
then we need to insert at the end instead of the begining, which is what
would normally happen if the insertion point was as the begining.

Introduce a new boolean property to HTMLMediaElement called webkitPreservesPitch for script to control this.

html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::HTMLMediaElement): Currently the platforms that have a flexible pitch preservation
property (Quicktime on Mac and Win) have had it on by default, so continue that default for now.
(WebCore::HTMLMediaElement::loadResource):
(WebCore::HTMLMediaElement::webkitPreservesPitch):
(WebCore::HTMLMediaElement::setWebkitPreservesPitch):

platform/graphics/mac/MediaPlayerPrivateQTKit.mm:
(WebCore::MediaPlayerPrivate::MediaPlayerPrivate):
(WebCore::MediaPlayerPrivate::createQTMovie): Rework to allow recreation of the movie with almost the
exact same attributes as before, with pitch preservation being the difference.
(WebCore::MediaPlayerPrivate::setPreservesPitch): Recreate the QTMovie if the flag actually changes.
(WebCore::MediaPlayerPrivate::updateStates): Restore current time and rate if this is a recreated movie.
(WebCore::MediaPlayerPrivate::timeChanged): Clear the time-to-be-restored, as this callback means it
has been effectively overwritten.

platform/graphics/win/QTMovieWin.cpp:
(QTMovieWinPrivate::QTMovieWinPrivate):
(QTMovieWinPrivate::~QTMovieWinPrivate):
(QTMovieWinPrivate::task): Restore current time and rate if this is a re-created movie.
(QTMovieWin::play): Clear the time-to-be-restored, as this effectively overwrites it.
(QTMovieWin::pause): Ditto.
(QTMovieWin::setRate): Ditto.
(QTMovieWin::setCurrentTime): Ditto.
(QTMovieWin::setPreservesPitch): Recreate the Movie if the flag actually changes.
(QTMovieWin::load): Rework to allow recreation of the Movie with similar state as the movie before it,
but changing the pitch preservation flag.

Simplify the interaction between LocalStorageArea/SessionStorageArea
and StorageArea by creating a "blockUntilImportComplete()" function
rather than bouncing back and forth between the child and parent
classes in a somewhat unintuitive manner.

This patch also paves the way for LocalStorageArea and
SessionStorageArea being merged into one. It's part of several in a
set which are separating syncing (to disk) code from the rest of the
implementation so that local storage and session storage's code can be
unified.

Add setFormContentType and setFormData since it is awkward for Chromium
to use setFormInfoFromRequest to set the underlying members. Also, add
a clearChildren method that Chromium needs. These methods are used as
part of the Chromium code that serializes a HistoryItem for storing in
the browser's session history.

​https://bugs.webkit.org/show_bug.cgi?id=26611
Implement currentThreadStackBase on WINCE by adding a global,
g_stackBase, which must be set to the address of a local variable
by the caller before calling any WebKit function that invokes JSC.

The #include <phonon> header no longer exists. And the <Phonon> or
<Phonon/Phonon> headers have never existed (neither for us nor for the
Phonon sources). You have to select each and every header that you do
want now.

The WindowRef we pass to the plugin refers to the the top level window,
so the x and y positions have to be relative to this position, but we
have to manually compensate for title bar decorations and other parents
of the QWebView since contentsToWindow() only traverses to the QWebView.

Previously we did this compensation when passing on mouse coordinates to
the plugin, which caused various issues with translations such as not
being able to close the Flash settings dialog, or the hand cursor not
appearing over links.

We now do the compensation as part of the call to NPP_SetWindow, and
then pass mouse coordinates in global context without any compensation,
similar to how both Safari and Mozilla does it.

The LiteralParser was making a new UString in order to use
toDouble, however UString's toDouble allows a much wider range
of numberic strings than the LiteralParser accepts, and requires
an additional heap allocation or two for the construciton of the
UString. To rectify this we just call WTF::dtoa directly using
a stack allocated buffer to hold the validated numeric literal.

More important than the tool itself are the Bugzilla, Git and SVN class abstractions
which I hope will allow easy writing of future tools.

The tool currently implements 10 commands, described below.

Helpers for scripting dealing with the commit queue:
bugs-to-commit Bugs in the commit queue
patches-to-commit Patches attached to bugs in the commit queue

Dealing with bugzilla:
reviewed-patches BUGID r+'d patches on a bug
apply-patches BUGID Applies all patches on a bug to the local working directory without committing.
land-and-update BUGID Lands the current working directory diff and updates the bug.
land-patches [options] BUGID Lands all patches on a bug optionally testing them first
obsolete-attachments BUGID Marks all attachments on a bug as obsolete.
commit-message Prints a commit message suitable for the uncommitted changes.

These effectively replace git-send-bugzilla:
post-diff BUGID Attaches the current working directory diff to a bug as a patch file.
post-commits BUGID COMMITISH Attaches a range of local commits to a bug as patch files.

post-diff works for SVN and Git, post-commits only works for SCMs with local-commit support (like Git)

​https://bugs.webkit.org/show_bug.cgi?id=26567
Upstream V8 bindings code generator. With this change, also added interface ancestor
traversal to IDL parser, which is necessary for V8 bindings. The traversal is used
to determine whether an interface is a Node to facilitate proper casting and storage
in V8DOMMap.

Remove 'arguments' field from Register union. Having JSCell derived types in the union is
dangerous since it opens the possibility for the field to be written as a raw pointer but
then read as a JSValue. This will lead to statle data being read for the tag, which may
be dangerous. Having removed Arguments* types form Register, all arguments objects must
always explicitly be stored in the register file as JSValues.

​https://bugs.webkit.org/show_bug.cgi?id=26430
<rdar://problem/6944442> Elements jump around when they become composited (WWDC checkers demo)
<rdar://problem/6989006> Lots of time spent in RenderLayerCompositor::calculateCompositedBounds()

during window resize when using hardware layers

Fix an ordering dependency which caused the compositing position of a layer
to be affected by some later sibling, which affected the compositing ancestor's
composited bounds.

The fix is to only update the compositing positions of layers in some subtree
when updateAfterLayout() has been called on all the layers in that subtree,
from the ancestor down.

Also cache the composited bounds of a RenderLayerBacking, now that we can
guarantee that those bounds are accurate.

In preparation for combining SessionStorage and LocalStorage into a
single StorageManager, move the syncing bits out of LocalStorage and
into its own class.

The next step is to combine LocalStorageArea and SessionStorageArea
into one. Then SessionStorage and LocalStorage can be combined.

Note that combining them will cut down on code paths that must be
proxied, eliminate virtual dispatch, and allow Chromium to (eventually)
write historical sessionStorage to disk when memory is getting tight.

Also remove a couple bits of cruft including code for quotas which is
unnecessary (since a meta-data db is unnecessary since you can just
count bytes as you read the local storage databases into memory).

platform/text/StringImpl.cpp:
(WebCore::StringImpl::ustring): Changed method calling syntax to look less like calling a
static method.
(WebCore::StringImpl::copy): Reverted part of r41917 that caused the problem.

platform/chromium/PopupMenuChromium.cpp:
(WebCore::isCharacterTypeEvent): Added. Check whether the event is a
character type event. "Char" in Windows or "KeyDown" in Mac is character
type event.
(WebCore::PopupListBox::typeAheadFind): Since m_lastCharTime is used to
indicate whether user types multiple characters continuely as a search
prefix or not, it should be only assigned when the event is character
type event.

Put a message in the console that announces that a profile has started,
similar to how a console message announces that a profile has finished.

inspector/InspectorController.cpp:
(WebCore::InspectorController::addProfile): Use renamed function.
(WebCore::InspectorController::addProfileFinishedMessageToConsole):
Renamed.
(WebCore::InspectorController::addStartProfilingMessageToConsole):
New function that logs the message about the profile starting.
(WebCore::InspectorController::startUserInitiatedProfiling): Ditto

inspector/InspectorController.h:

inspector/front-end/ProfilesPanel.js: Print the "run" of the profile's
title if there are multiple profiles, and take into account the fact
that titles are displayed twice as much now.
(WebInspector.ProfilesPanel.prototype.displayTitleForProfileLink):

<rdar://problem/6956606> REGRESSION (S4Beta -> Final): After the password is input,
Japanese can't be input.

WebKit uses a per-frame input context for most editable fields, and application's global
context for password fields, manually controlling secure input state and the list of available
input methods.

We were setting TSMDocument property to disable non-Roman input methods after focus changed
to a password field, but before selection was updated. This resulted in the property being
applied to a wrong TSMDocument in some cases, because TSMGetActiveDocument() uses input
context cached by +[NSApplication updateWindows], we change context based on selection,
not on focus.

page/mac/FrameMac.mm: (WebCore::Frame::setUseSecureKeyboardEntry): Since there is only one
context that we use for password fields - the global one - there is no need to get the active
one.

rendering/RenderObject.cpp:
(WebCore::RenderObject::destroy):
Removed the check for document()->frame(). If frame() is 0 in this code,
then the call to animation() is also incorrect (since it does document()->frame()->animation()).

Fix a crash in case that the QNetworkReply::readReady signal is
"stuck" in deferred mode due to JavaScript alert, and in the meantime,
QNetworkreply::finished signal is received and processed before
QNetworkReply::readReady is processed.

bindings/scripts/CodeGeneratorJS.pm: Tweaked mechanism for includes to be a bit
more consistent and to make SVGElement.h be included in the header rather than in
every implementation file that includes the header. Added code to use getAttribute
and setAttribute directly when the [Reflect] extended attribute is used.

bindings/scripts/CodeGeneratorObjC.pm: Ditto.

html/HTMLElement.idl: Used [Reflect] for all the attributes in this class that
reflect content attributes. Restricting this to one class for now to keep the
patch small and start out slowly.

Extend the LiteralParser to support the full strict JSON
grammar, fix a few places where the grammar was incorrectly
lenient. Doesn't yet support the JSON.parse reviver function
but that does not block the JSON.parse functionality itself.

Add a hook to the WebKit launcher application to allow a link on the nightly build start page to
trigger an update via the built-in software update mechanism.

Reviewed by Sam Weinig.

WebKitLauncher/WebKitLauncher.xcodeproj/project.pbxproj:

WebKitLauncher/WebKitLauncherURLProtocol.h: Added.

WebKitLauncher/WebKitLauncherURLProtocol.m: Added.

(+[WebKitLauncherURLProtocol load]):
(+[WebKitLauncherURLProtocol canInitWithRequest:]): Only allow use of the x-webkit-launcher scheme from .webkit.org subdomains.
(+[WebKitLauncherURLProtocol canonicalRequestForRequest:]):
(-[WebKitLauncherURLProtocol startLoading]):
(-[WebKitLauncherURLProtocol stopLoading]):
(-[WebKitLauncherURLProtocol handleIsWebKitLauncherAvailableJS]): Return a brief JavaScript snippet that can be used to programatically
determine whether the x-webkit-launcher is available and working.
(-[WebKitLauncherURLProtocol handleCheckForUpdates]): Trigger a software update on the main thread.
(-[WebKitLauncherURLProtocol resourceNotFound]): Fail with a generic "File does not exist" error.

Added optimized GC for MessagePorts when the entangled port is run by the same thread.
Fixed bug in isProxyFor() that was not properly throwing an exception when trying to clone the entangled port.

bindings/js/JSDOMBinding.cpp:
(WebCore::markActiveObjectsForContext):
Now marks remotely entangled ports as in-use, in addition to those with pending activity.

bindings/js/JSMessagePortCustom.cpp:
(WebCore::JSMessagePort::mark):
Now checks if the entangled port is local (run by same thread) and if so mark()s it.

dom/MessagePort.cpp:
(WebCore::MessagePort::postMessage):
(WebCore::MessagePort::disentangle):
Removes cloned ports from the ScriptExecutionContext - this allows cloned ports to be GC'd as otherwise they look like remotely entangled ports.
(WebCore::MessagePort::start):
(WebCore::MessagePort::locallyEntangledPort):
Added API for fetching the entangled port if it is run by the same thread

dom/MessagePort.h:

dom/MessagePortProxyWrapper.h:

dom/default/MessagePortProxy.cpp:
(WebCore::MessagePortProxyWrapper::locallyEntangledPort):
Added API for fetching the entangled port if it is run by the same thread
(WebCore::MessagePortProxy::hasPendingActivity):
Changed definition of hasPendingActivity() to be stricter - only returns true if there are pending messages.
(WebCore::MessagePortProxy::locallyEntangledPort):

Refactored MessagePortProxy into MessagePortChannel and a platform-dependent PlatformMessagePortChannel
implementation. Modified APIs to simplify cross-process implementations by moving the messaging code
entirely into the platform-dependent proxy.

Created a thread-safe default PlatformMessagePortChannel implementation.

Changed DOMWindow messaging to create the MessageEvent in the target ScriptExecutionContext to match how
cross-thread MessagePorts work.

GNUMakefile.am:

WebCore.vcproj/WebCore.vcproj:

WebCore.xcodeproj/project.pbxproj:

Added MessagePortChannel/PlatformMessagePortChannel files.

bindings/js/JSMessagePortCustom.cpp:
(WebCore::JSMessagePort::mark):

Changed ports to not mark their entangled pair as reachable, per the spec.

bindings/v8/custom/V8MessagePortCustom.cpp:

dom/MessageChannel.cpp:
(WebCore::MessageChannel::MessageChannel):

Updated to use PlatformMessagePortChannel::createChannel() to entangle the ports.

dom/Node.cpp:
(WebCore::Node::dispatchGenericEvent): Make the DOMWindow the currentTarget when events are dispatched
to it. We previously used the document because DOMWindow was not yet an EventTarget.

editing/TextIterator.cpp:
(WebCore::TextIterator::handleReplacedElement): When entering a text control,
start at the top of the shadow tree (by calling shadowTreeRootNode). Also
remove assumption that innerTextElement will never be 0 since RenderTextControl
doesn't really guarantee this.